General
-
Target
file.exe
-
Size
2.4MB
-
Sample
221206-wvwjxaed9s
-
MD5
7154a5f46e98fb0ce707e73613e1e069
-
SHA1
7df1d61b71e6b30d41cccf06f9bc5057c66587db
-
SHA256
ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0
-
SHA512
fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf
-
SSDEEP
12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@andriii_ff
176.124.220.67:30929
-
auth_value
525a7ad8080b3552f2f7735af7644111
Targets
-
-
Target
file.exe
-
Size
2.4MB
-
MD5
7154a5f46e98fb0ce707e73613e1e069
-
SHA1
7df1d61b71e6b30d41cccf06f9bc5057c66587db
-
SHA256
ef5f90190b02567c1e2afb1835edb80b0a6276178df005b3a366eac080ef3ac0
-
SHA512
fa065a89886292353d347bf507ba166e98f1a896d6d69eb049d164d4605c605ad6a12e82c1d2254a8f810cee60417204e4777f3b1e414a3d88b95499055c52bf
-
SSDEEP
12288:zEfdieNsYHk31Qbgp1NvQu+0f5gwYqfhuaDYsKm0S6n:zL31QEp1hQ0fqwYqfqsNy
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-